From: Tom Hughes <tom@compton.nu>
Date: Wed, 29 May 2024 16:58:21 +0000 (+0100)
Subject: Merge remote-tracking branch 'upstream/pull/4853'
X-Git-Tag: live~815
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/6f1a783900dbb42c15b53b7ad5920a5e5f05092e?hp=511f9f7d7c17462bb5225c3106081b40095544da

Merge remote-tracking branch 'upstream/pull/4853'
---

diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb
index 8b742a585..15ffe58a2 100644
--- a/app/controllers/site_controller.rb
+++ b/app/controllers/site_controller.rb
@@ -19,6 +19,7 @@ class SiteController < ApplicationController
   content_security_policy(:only => :id) do |policy|
     policy.connect_src("*")
     policy.img_src(*policy.img_src, "*", :blob)
+    policy.script_src(*policy.script_src, :unsafe_eval)
     policy.style_src(*policy.style_src, :unsafe_inline)
   end
 
diff --git a/app/views/application/_auth_providers.html.erb b/app/views/application/_auth_providers.html.erb
index 554ec8dda..0cbb529a5 100644
--- a/app/views/application/_auth_providers.html.erb
+++ b/app/views/application/_auth_providers.html.erb
@@ -1,29 +1,42 @@
 <div>
-  <div class="list-inline justify-content-center d-flex align-items-center flex-wrap mb-3 gap-3" id="login_auth_buttons">
+  <div class="list-inline justify-content-center d-flex align-items-center flex-wrap w-100 mb-3" id="login_auth_buttons">
 
+    <% prefered_auth_button_available = false %>
     <% %w[google facebook microsoft github wikipedia].each do |provider| %>
       <% if Settings.key?("#{provider}_auth_id".to_sym) -%>
         <% if @preferred_auth_provider == provider %>
-          <div class="mx-2"><%= auth_button_preferred provider, provider %></div>
+          <% prefered_auth_button_available = true %>
         <% end %>
       <% end -%>
     <% end -%>
 
-    <div class="justify-content-center d-flex gap-1">
-      <div>
-        <%= link_to image_tag("openid.png",
-                              :alt => t("application.auth_providers.openid.title"),
-                              :size => "24"),
-                    "#",
-                    :id => "openid_open_url",
-                    :title => t("application.auth_providers.openid.title"),
-                    :class => "p-2 d-block" %>
+    <% if prefered_auth_button_available %>
+      <div class="list-inline justify-content-center d-flex align-items-center flex-wrap w-50">
+        <% %w[google facebook microsoft github wikipedia].each do |provider| %>
+          <% if Settings.key?("#{provider}_auth_id".to_sym) -%>
+            <% if @preferred_auth_provider == provider %>
+              <%= auth_button_preferred provider, provider %>
+            <% end %>
+          <% end -%>
+        <% end -%>
       </div>
+      <div class="list-inline justify-content-center d-flex align-items-center flex-wrap w-50">
+    <% else %>
+      <div class="list-inline justify-content-center d-flex align-items-center flex-wrap w-100">
+    <% end %>
+
+      <%= link_to image_tag("openid.png",
+                            :alt => t("application.auth_providers.openid.title"),
+                            :size => "24"),
+                  "#",
+                  :id => "openid_open_url",
+                  :title => t("application.auth_providers.openid.title"),
+                  :class => "p-2 d-block" %>
 
       <% %w[google facebook microsoft github wikipedia].each do |provider| %>
         <% unless @preferred_auth_provider == provider %>
           <% if Settings.key?("#{provider}_auth_id".to_sym) -%>
-            <div><%= auth_button provider, provider %></div>
+            <%= auth_button provider, provider %>
           <% end -%>
         <% end %>
       <% end -%>